I Want Your [insert social network here] Login!

Employers Without A Clue

Reading several articles and seeing numerous Facebook posts about this situation: You’re looking for a job. Maybe you have aced the initial resume screen, phone screen and are in the face-to-face interview. Maybe you’re not quite that far in the process yet. It doesn’t matter. What does matter is you know employers are searching you out on your social media outlets – Facebook, Twitter, LinkeIN, YouTube, [insert social network of the day here]. What you may not know, is they are asking for your login credentials these days.

The Primary Problems With Requesting Login Credentials

Sharing Credentials Is Fundamentally Wrong For Security

As an Information Technology student, instructor, system administrator, web developer, mobile app developer by education and work history and trade, there is absolutely nothing that is proper about asking someone else for their user credentials for ANY service, even if the Business asking OWNS the service! If the business owns the service, there should be tools to reset the user credentials and/or remove them when it is necessary to do so. So it should never be asked of from anyone!

Anyone who has been in the industry absolutely without a doubt knows the first and foremost security precaution is to NEVER share your credentials. EVER.

Sharing Credentials Is Unethical

By sharing credentials, any individual is essentially compromising their self ethic, work ethic and not to mention, in the case of social media, the family, friend and acquaintances ethics. How? Well, if one knows it is wrong to share credentials, yet do so anyway, that person is forgoing any self ethic he or she may have. If someone is willing to do that for themselves, which in all rights self is generally more important than the business in question just based upon what I have witnessed firsthand, why would he or she not then, compromise any work ethic, should the job be offered and accepted? If a person is willing to compromise themself, would the chances be greater or lesser that that same person would compromise the employer’s security by sharing credentials?

What about my family and friends on social networks? How would you feel if your friends or family provided 100% full access to someone barley known for a job interview – yes 15-30 minute phone interview, maybe an hour or two in person interview does not mean the prospective employer’s representative can be trusted – and trusted them with the most valuable circle of family and friends. Well, by compromising ethics, if a person allows this access, that person has now put family and friends’ information into hands of what is a complete stranger to them. You see, family and friends may have their sharing set to “Private” which means only family and friends can see their information. In sense, it’s possible the person trying to find a job to provide for their family just ruined one of the most valuable assets – the family and friend network, and ruined any trust placed in them by that network.

Sharing Credentials Is Usually A Violation of Services’ ToS

One service for sure, Facebook, spells out this very clearly. In their Terms of Service or ToS, they clearly define the following:

3. Safety

We do our best to keep Facebook safe, but we cannot guarantee it. We need your help to do that, which includes the following commitments:

You will not send or otherwise post unauthorized commercial communications (such as spam) on Facebook.

You will not collect users’ content or information, or otherwise access Facebook, using automated means (such as harvesting bots, robots, spiders, or scrapers) without our permission.

You will not engage in unlawful multi-level marketing, such as a pyramid scheme, on Facebook.

You will not upload viruses or other malicious code.

You will not solicit login information or access an account belonging to someone else.

You will not bully, intimidate, or harass any user.

You will not post content that: is hateful, threatening, or pornographic; incites violence; or contains nudity or graphic or gratuitous violence.

You will not develop or operate a third-party application containing alcohol-related or other mature content (including advertisements) without appropriate age-based restrictions.

You will follow our Promotions Guidelines and all applicable laws if you publicize or offer any contest, giveaway, or sweepstakes (“promotion”) on Facebook.

You will not use Facebook to do anything unlawful, misleading, malicious, or discriminatory.

You will not do anything that could disable, overburden, or impair the proper working of Facebook, such as a denial of service attack.

You will not facilitate or encourage any violations of this Statement.

Plain, simple English that states one will not solicit login information or access an account belonging to someone else. Can it be made any plainer? Can it be made any simpler? No.

Look at number 10! According to the article, it is a FEDERAL CRIME to access and use a social network as someone else. Right there, that is UNLAWFUL. You don’t have to worry though, because it seems the powers that be would rather prosecute Grandpa for a grandchild sharing some music on the Internet than prosecute someone impersonating someone else and accessing a social network as someone else.

Finally, number 12 explicitly states that one will not facilitate or encourage violations of this Statement. So if someone were to allow a prospective employer to access their personal account, he or she is facilitating a violation of number 5, 10 and 12. Thus, is it possible the employer could be absolved in a case on this and it fall on to the person who “facilitated” the violation, by sharing login credentials.

Yes, that is likely how it would play out, and even if not, is there anything that strikes you as any of this being okay to do yet? I didn’t think so.

Discriminatory Potential

I felt it necessary to separate out the potential for Discrimination. Why? It is unlawful for a prospective employers in the United States to deny employment based upon religious affiliation/orientation/denomination, sexual orientation, race or creed. They cannot even legally ask these types questions on an application or during the interview process.

Yet, with most social networks such as Facebook (highlighted since they are the primary in the article and the primary network right now), people often share this information with their family and friends. What? Yes, often people will post a “Prayer” picture or a Gay Rights photo. They may comment on an organization that they support that is affiliated with a specific religion or sexual orientation. They may even support an organization that is racially oriented working on racial equality.

So how is it proper for an employer to ask for a level of information that is safe guarded by laws? I don’t feel it is proper. Not proper at all.

How it is proper for an employer to ask for a level of information that means the prospective employee and employer are both guilty of violating the service’s ToS? I don’t feel it is proper to do that either.

How it is proper that an employer willingly ask a prospective employee to compromise their own personal and work ethic and share credentials for the employer to break the law? Again, I don’t see it as being proper at all.

What if you are a Christian and the hiring manager has an aversion to Christianity. Or if you are a Muslim or Atheist and the hiring manager has an aversion to that?

I know where I stand in my faith – but I do not feel ever that discriminating against someone is the right way to practice faith. Same pretty goes with everything else – race, sex or whatever. People should not have fates decided upon the basis of these beliefs, lifestyles or heritage.

A Very Bad Situation

Situations such as this compromise all groups of people, not a specific religion or sexual orientation. They don’t exclude certain races or creeds. Laws prevent this from being accessible during the interview and hiring process, yet by asking for unbridled access to a prospective employee’s accounts, the exact opposite is possible.

What I believe, support, think and share with my family and friends online or offline, is absolutely not the business of a prospective employer if I have chosen NOT to make it public. If it is public, they can view it. If it is not public, then the employer, who is likely neither family nor friend, doesn’t need access to it.

Above all, if a prospective employer is asking me to violate a service’s Terms of Service agreement or other “contract” of use, or to break the law, why would I want to work there in the first place? Personally, I wouldn’t work for a company that asks this of me.

>>UPDATE<<

Seems Facebook is responding to this situation by urging users not to do this practice and urging employers not to ask for credentials. This Denver Post article glazes their response, but specifically mentions, as I mentioned, the liability employers open up for discrimination by finding out otherwise protected information about potential employees.

You can read the Facebook Blog Post by Erin Egan, Chief Privacy Office, Policy and see their stance

What Do You Think?

What are your views on this? Would you, in order to obtain employment, submit to handing over your Facebook or Twitter login? Is one more valuable than the other?

Do you see any ethical, moral, or legal objections to stop you from handing over the information, if requested?